residual self image

Wednesday, April 19, 2006

Tom Cruise boasts of eating placenta

Tom Cruise boasted that he will eat fiancée Katie Holmes's placenta when baby Cruise is born, he said in an interview.

Xinhua story ....

what's placentophagy

I think I am going to throw up... gotta go

Monday, April 10, 2006

Corporate misbehavior: Bone-headed D-Link’s NTP vandalism


This is where I first came across the story

“Danish server admin exposes D-Link's "NTP vandalism"”

What does a geek get when he takes it upon himself to provide a valuable service to the community? A giant networking corporation screws him really bad, and when he tries to reason with them and get them to admit that they were wrong, they try to screw him even harder.

So here begins the story of one Danish FreeBSD programmer Poul-Henning Kamp, who was running an NTP server for the benefit of those in Denmark because they have no national time-lab there to offer a much required time service for use on the internet.

Wait a second … what’s NTP?

Oh! Sorry :( my apologies.

NTP is Network Time Protocol, a protocol that allows computers to transfer timestamps across the internet so that they can set their clocks to the correct time.

A number of NTP servers on the internet are connected to radio timecode receivers, GPS receivers or, in some cases, directly to national time laboratories' primary atomic frequency standards.

Now it’s not good net etiquette to go straight to one of these top-level (stratum 1) NTP servers when you wish to set the correct time for a device connected to the net.

“Consumer devices should ask one of their ISP’s time service machines (probably running at stratum 3), the ISP will synchronise these to a stratum 2 device that is firewalled off from customers, and that machine will chime with some nearby (same continent) stratum 1 machines. Leaving aside the denial-of-service issues there’s not much point in consumers sending packets half-way across a continent to a stratum 1 machine — network variability will mean that they get as good or better results from a nearby box.”

As I said, it’s not good net etiquette to go straight to a stratum 1 NTP server when you wish to set the correct time for a device connected to the net, especially when these servers are part of the key infrastructure of the internet.

And to get back to our story: our protagonist Kamp was running a stratum 1 timeserver, the NTP server “GPS.dix.dk”, for the use of network servers located in Denmark. The server was hosted at DIX, the Danish Internet Exchange Point, and since Kamp’s NTP server was providing a valuable service (extremely accurate timing) to Danish ISPs, the charges for his hosting at DIX were waived.

Unfortunately, his NTP server had been coming under constant attack from a stream of Network Time Protocol (NTP) time request packets coming from random IP addresses all over the world. These were disrupting the gentle flow of traffic from the 2000 or so genuine systems that were “chiming” against his master system, and also consuming a very great deal of bandwidth.

On a typical day he’d receive 3.2 million bad packets (that’s 37 a second!) from machines outside Denmark. That’s a lot of network traffic. Kamp’s NTP server was never supposed to attract even a fraction of this traffic (which is why DIX had waived his hosting charges in the first place). Now someone has to pay for this traffic; that’s how the internet works. So Kamp is now faced with a yearly $8,800 USD bill to keep his free service for his motherland up and running.

What went wrong, and where does D-Link figure in this???

Kamp enlisted the help of some networking gurus to find out what was going on. And the answer was D-Link’s routers, among them the products DI-604, DI-614+, DI-624, DI-754, DI-764, DI-774, DI-784, VDI604 and VDI624.

Read here how the culprit was caught “When Firmware Attacks! (DDoS by D-Link)”

Well, the incompetent coders at D-Link decided to hardcode the addresses of stratum 1 NTP servers into their routers, bypassing established Internet etiquette for … well, timestamping the router logs with atomic precision!!!! The routers had a list of NTP servers in their firmware and were using this to fetch the correct time, and the time they waited for a response was too short, resulting in the devices sending out many requests to many servers every minute.
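A rough model of that failure mode, added here as an illustration (it is not D-Link's firmware and not from any of the linked write-ups). The server names, round-trip times and timers are all assumed values; the point is how a too-short reply timeout turns one sync per hour into hundreds of packets spread over every hard-coded server.

```python
# Constructed model of one NTP client's polling loop. Not D-Link firmware:
# server names, round-trip times and every timer below are assumed values.
HOUR_MS = 3_600_000
UNREACHABLE = 10**9          # a reply that never arrives in time

def simulate(servers, rtt_ms, timeout_ms, poll_ms, retry_ms, duration_ms=HOUR_MS):
    """Return {server: requests sent} for ONE client over duration_ms.

    servers    - tried round-robin, advancing after each failed attempt
    rtt_ms     - {server: milliseconds until its reply arrives}
    timeout_ms - how long the client waits before giving up on a reply
    poll_ms    - sleep after a successful sync
    retry_ms   - sleeps after consecutive failures (last entry repeats)
    """
    sent = dict.fromkeys(servers, 0)
    now, failures, idx = 0, 0, 0
    while now < duration_ms:
        server = servers[idx % len(servers)]
        sent[server] += 1
        if rtt_ms[server] <= timeout_ms:        # reply seen: clock is set
            now += rtt_ms[server] + poll_ms
            failures = 0
        else:                                   # reply comes too late, is ignored
            now += timeout_ms + retry_ms[min(failures, len(retry_ms) - 1)]
            failures += 1
            idx += 1
    return sent

# Three far-away stratum 1 servers baked into the device (hypothetical names).
FAR = {"s1-a.example": 250, "s1-b.example": 300, "s1-c.example": 400}
# One nearby ISP time server, as the etiquette quoted earlier recommends.
NEAR = {"ntp.isp.example": 20}
BACKOFF = [64_000, 128_000, 256_000, 512_000, 1_024_000]  # 64 s doubling to 1024 s

def scenarios():
    return {
        # Timeout shorter than any real round trip: never syncs, retries all hour.
        "hardcoded list, 100 ms timeout": simulate(list(FAR), FAR, 100, HOUR_MS, [5_000]),
        # Same list, patient timeout: the first reply is accepted, then it sleeps.
        "hardcoded list, 1 s timeout": simulate(list(FAR), FAR, 1_000, HOUR_MS, [5_000]),
        # Well-behaved: one local server, slow steady poll.
        "ISP server, 1024 s poll": simulate(list(NEAR), NEAR, 1_000, 1_024_000, BACKOFF),
        # Still well-behaved when the server is gone: exponential backoff.
        "ISP server down, backoff": simulate(
            list(NEAR), {"ntp.isp.example": UNREACHABLE}, 1_000, 1_024_000, BACKOFF),
    }

if __name__ == "__main__":
    for name, sent in scenarios().items():
        print(f"{name:32} total={sum(sent.values()):4}  {sent}")
```

Multiply the first row by every unit sold and you get the kind of flood described above; the last two rows are what a single polite client costs a server.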

Now Kamp’s NTP server “GPS.dix.dk” was in the list too and this server was badly hit and DIX had no option but to slap an $8,800/year connection fee on Kamp.

Now Kamp was a really good guy; he’s an open source programmer, in case you forgot. He quietly approached D-Link, told them that their firmware was faulty and that they should get it fixed. He suggested that D-Link might even run an NTP server of its own for the exclusive use of its routers.

He told them that something like this had happened before with NetGear products … see “Flawed Routers Flood University of Wisconsin Internet Time Server” … and that NetGear had owned up and fixed their products.

And what does D-Link do? Accept their mistake?? Spend a few hundred grand on fixing their products?? NO!!! … What else, get a big shot lawyer and screw the little guy even more for opening his mouth.

To quote Kamp’s own words –

“I can not publicly disclose the specific offers D-Link's lawyer has made, but these documents are obviously available to D-Link management through internal channels.

I can however summarize them: I have been accused of extortion. I have been told that I have no claim, been told that I exaggerate the claim. I have been told to submit myself to California law but would have to sign away all my rights under it.

I have also been offered a specific amount of "hush-money" if I would just shut up and go away, but the amount offered would not even cover my most direct expenses.

In return D-Link would admit to nothing, promise nothing and do nothing to induce their customers to upgrade their firmware.

And nowhere in five months of correspondence have I seen the word "sorry" or "apology" forwarded to me.”

For months Kamp fought a solitary battle with the networking giant, to no avail. So a couple of days back he laid bare his story in front of the world: how a big corporation was hell-bent on sweeping its mistakes under the carpet rather than apologizing for the damage it had done.

On April 7th, 2006 he put a letter titled “Open Letter to D-Link about their NTP vandalism” at http://people.freebsd.org/~phk/dlink/ so that the rest of the world could come to know about D-Link’s act of vandalism.

Read more about this at:

"http://www.dailytech.com/article.aspx?newsid=1675&ref=y"

"Man takes on D-Link publicly, with time not on his side"

"D-Link accused of harvesting Stratum-1 server list"

"D-Link Firmware Abuses Open NTP Servers"

Read about "NTP Pool Servers"


What can you do to help Kamp, since D-Link isn’t doing anything right now?

Consult your D-Link manual if you are using a D-Link router, and see if you can override the default settings for time servers. Instructions for setting the default NTP server can be found here. If you can’t find the setting or can’t change it, call up product support and have them fix it. Because if the NTP servers are taken down or moved, your router would be in a really terrible position!

You can also write to D-Link to express your displeasure over the issue at:

customerservice@dlink.com

webmaster@dlink.com

analysts@dlink.com

sale@dlink.com

si@dlink.com

broadband@dlink.com

bdm@dlink.com

edusales@dlink.com

oem@dlink.com

productinfo@dlink.com

hr@dlink.com

What am I going to do??? … Ah, there’s a D-Link office here in this city on my way home from the office; wonder if I should walk in and say hello to the D-Link head there and give him or her a piece of my mind ;)